Showing posts with label fcc. Show all posts

Tuesday, July 24, 2007

What should be secret?

BBC tech commentator Bill Thompson wrote on Monday about, well, several things. Ostensibly, about security risks on the iPhone, but it rapidly got into much more interesting core issues.
"The problem is apparently that we are all giving away too much information that should remain secret, like our date of birth, address and even details of which schools we have attended or where we have worked. This information should apparently be carefully protected because criminals can use it to fill in applications for credit cards or loans, stealing our identities and causing all sorts of problems. This seems to be entirely the wrong way around. I have never kept my birthday secret from my friends, partly because I like to get cards and presents, and I do not see why I should have to keep it secret from my online friends. If that means that other people can find out about it then the systems that assume my date of birth is somehow 'secret' need to adapt, not me."
I couldn't agree more. The fact that I cannot say this well is why I don't have a technology column read by people in other countries.
I think about this a lot due to the new FCC regulations I spend a lot of my time working on these days. The FCC seems to get it. We are not supposed to use that sort of personal information for any security. At all. Not even for recovery or anything. Security uses unique passwords, and other such stuff. Well, actually there is a "shared secret" recovery or bypass as well, but I think it's just because no one could come up with anything better; eventually, maybe we'll lose that also.
Anyway, in theory this leaves us capable of thinking about interesting uses of that personal information. The FCC burdens us with calling practically anything personal CPNI, but it doesn't mean the customer can't reveal it themselves if they want to. Well, they can't really now, but perhaps some future, web 2.0 version of our site will let users publish Picture Mail, or Game Lobby or other community-related info thru RSS feeds. Think of how cool, and useful, a mashup of mobile photography, mobile location and public mapping tools could be.
I also respect Bill for publishing his school, his mother's maiden name, his birthday, and so on. I cannot tell you how many people tell me, as though it's bad, that my home address is on my website. Yeah, on purpose. I just added my GPS coordinates, among other things. I'm not even sure I'd bother hiding this stuff even if I was a true celebrity. The same security principles hold, so door locks should comply with the proximate risk. As a stalker-worthy person, I'd just upgrade the locks.

Tuesday, July 17, 2007

Admissibility

Most everyone associated with security is familiar with the standard four layer security model. Well, in August of last year Bruce Schneier published a brief update of this on his blog. Dave Piscitello proposed adding another layer. I liked it so much that I typed out the whole list and stuck it on my cube wall so I wouldn't forget it.
  • Admissibility: Is the host device/channel valid and safe?
  • Authentication: Who are you?
  • Authorization: What are you allowed to do?
  • Availability: Is the data accessible?
  • Authenticity: Is the data intact?
Although it's on my wall, staring at me for the last year, I hadn't made any connections to it yet. I was thinking of hard wired shielded networks with proprietary connections. And there is plenty of argument about the validity; if it's on an open network, and you rely on the machine to tell you everything is fine, that can be spoofed as well. The end result is I was not sure how it would ever apply to me until I looked at it this morning.
I spend a lot of my time now designing UI and specifying behaviors for a bundle of fairly restrictive FCC regulations coming online on 12/8. If you don't work for a telecom, this is the fallout from that pretexting stuff last year. One of the components is notification of...everything. Changes, possible spoofing, password resets, etc. It all goes to your contact addresses on file. You get an email, text message, letter or whatever. And for extra security, you have to wait 30 days before a new address can be used (till then, all comms go to the old address). Presumably this gives time to correct an improper reset action by someone hacking in.
But the 30 day rule is exempted for wireless devices. Specifically (I have presumed and specified; as it's not super-well written) our wireless devices. See, we own the network, head to toe. We have control over the device's access to the network. If you report it stolen, it's functionally disabled, immediately. And so on. So, this is a great example of device and network admissibility in practice.
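The notification routing described above, sketched in Python as an added example (not code from this post or from any carrier system). The field names, treating day 30 as the first day a new address is usable, and sending nothing to a handset reported stolen are assumptions made for the illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

HOLD = timedelta(days=30)  # waiting period described in the post

@dataclass
class Contact:
    channel: str                       # "email", "postal" or "sms"
    address: str                       # address currently on file
    previous: Optional[str] = None     # address it replaced, if any
    changed_on: Optional[date] = None  # date of the last change
    carrier_device: bool = False       # assumption: handset on the carrier's own network
    reported_stolen: bool = False      # assumption: flag set by a theft report

def admissible(c: Contact) -> bool:
    """Admissibility: carrier-controlled device not disabled by a theft report."""
    return c.carrier_device and not c.reported_stolen

def notice_targets(c: Contact, today: date) -> list[str]:
    """Where a security notice (password reset, address change) is sent."""
    if c.carrier_device and c.reported_stolen:
        return []                      # device is disabled on the network
    in_hold = c.changed_on is not None and today - c.changed_on < HOLD
    if not in_hold or admissible(c):
        return [c.address]             # established address, or exempt device
    # New address still in its hold: notices keep going to the old one.
    return [c.previous] if c.previous else []

# Constructed sample records, not real customer data.
TODAY = date(2007, 12, 20)
SAMPLES = {
    "email changed 5 days ago": Contact(
        "email", "new@example.com", "old@example.com", date(2007, 12, 15)),
    "email changed 40 days ago": Contact(
        "email", "new@example.com", "old@example.com", date(2007, 11, 10)),
    "carrier handset changed 5 days ago": Contact(
        "sms", "+15555550101", "+15555550100", date(2007, 12, 15),
        carrier_device=True),
    "carrier handset reported stolen": Contact(
        "sms", "+15555550101", "+15555550100", date(2007, 12, 15),
        carrier_device=True, reported_stolen=True),
}

if __name__ == "__main__":
    for label, contact in SAMPLES.items():
        print(f"{label:36} -> {notice_targets(contact, TODAY)}")
```

The hold only protects the account if the old address still receives the notice, which is why the non-exempt branch never falls back to the new address.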